amt_ar_qone8.exe

Skytouch Technology Co., Limited

The application amt_ar_qone8.exe by Skytouch Technology Co., Limited has been detected as adware by 37 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
Skytouch Technology Co., Limited  (signed and verified)

Version:
2.0.2.2666

MD5:
90f1bc2840596a48305f7ca1c8fcd974

SHA-1:
5bbb4830243d7dc35b1352397a2712e6ada98d08

SHA-256:
2ed231243932fc7b90845379d25421be606f2b71655c2e854e62ee25fefb9fbb

Scanner detections:
37 / 68

Status:
Adware

Analysis date:
4/27/2024 2:26:38 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.ExqPage.3 | 501 |
| Agnitum Outpost | Trojan.DL.Fyli | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/Clicker.702616 | 2015.07.08 |
| Avira AntiVirus | TR/Wysotot.Gen | 8.3.1.6 |
| Arcabit | Trojan.Application.ExqPage.3 | 1.0.0.425 |
| avast! | Win32:Adware-BZF [Adw] | 2014.9-150921 |
| AVG | Startpage | 2016.0.2979 |
| Baidu Antivirus | Adware.Win32.Natzoo | 4.0.3.15921 |
| Bitdefender | Gen:Variant.Application.ExqPage.3 | 1.0.20.1320 |
| Clam AntiVirus | Win.Trojan.Wysotot-1 | 0.98/21511 |
| Comodo Security | Application.Win32.Wysotot.A | 22702 |
| Dr.Web | Adware.Mutabaha.38 | 9.0.1.0264 |
| ESET NOD32 | Win32/ELEX.P potentially unwanted (variant) | 9.11907 |
| Fortinet FortiGate | W32/Generic!tr | 9/21/2015 |
| F-Prot | W32/Backdoor2.HTEG | v6.4.7.1.166 |
| G Data | Gen:Variant.Application.ExqPage | 15.9.25 |
| IKARUS anti.virus | Trojan.Agent4 | t3scan.1.9.5.0 |
| K7 AntiVirus | Riskware | 13.205.16494 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.1392 |
| Malwarebytes | PUP.Optional.Elex.A | v2015.09.21.02 |
| McAfee | Generic.dx!90F1BC284059 | 5600.6635 |
| Microsoft Security Essentials | TrojanDownloader:Win32/Wysotot.A | 1.1.11804.0 |
| MicroWorld eScan | Gen:Variant.Application.ExqPage.3 | 16.0.0.792 |
| NANO AntiVirus | Trojan.Win32.Mutabaha.cqkbby | 0.30.24.2487 |
| nProtect | Trojan/W32.Agent.702616 | 15.07.08.01 |
| Panda Antivirus | Trj/Elex.A | 15.09.21.02 |
| Qihoo 360 Security | HEUR/Malware.QVM10.Gen | 1.0.0.1015 |
| Quick Heal | TrojanDownloader.Wysotot.A5 | 9.15.14.00 |
| Reason Heuristics | PUP.ELEX.SkytouchTechnologyCo (M) | 15.9.21.14 |
| SUPERAntiSpyware | Trojan.Agent/Gen-ELEX | 9616 |
| Total Defense | Win32/Wysotot.A!generic | 37.1.62.1 |
| Trend Micro House Call | TROJ_SPNR.0BK713 | 7.2.264 |
| Trend Micro | TROJ_SPNR.0BK713 | 10.465.21 |
| Vba32 AntiVirus | Trojan.StartPage | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 41818 |
| ViRobot | Adware.eSafe.702616[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.StartPage.Win32.19760 | 2.0.0.2274 |

File size:
686.1 KB (702,616 bytes)

Product version:
2.0.2.2666

Copyright:
Copyright (C) 2013

Original file name:
iXB.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\amt_ar_qone8.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/8/2013 10:29:59 AM

Valid to:
7/9/2014 10:29:59 AM

Subject:
CN="Skytouch Technology Co., Limited", O="Skytouch Technology Co., Limited", L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216078022FA91C0EB61326E0E8FDBE9C30

File PE Metadata
Compilation timestamp:
10/22/2013 12:18:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:3mEBTASggJMutz4hDhFEouFeED0NO3yEU8m/udmipauZZZZ37nvEo8uICH8WQpXi:5BTNJMuJ0NovlbSWcXPQg/ooo3/VMI1p

Entry address:
0x54FD7

Entry point:
E8, 20, F4, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 2C, 8C, 00, 00, 6A, 16, 5E, 89, 30, E8, 80, 5A, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, E8, 8B, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 51, 33, C0, 89, 45, FC, 39...
 

Code size:
515 KB (527,360 bytes)
